<?php
/**
 * Copyright 2011  SURFfoundation
 * 
 * This file is part of ESCAPE.
 * 
 * ESCAPE is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 * 
 * ESCAPE is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with ESCAPE.  If not, see <http://www.gnu.org/licenses/>.
 * 
 * For more information:
 * http://escapesurf.wordpress.com/
 * http://www.surffoundation.nl/
 * 
 * Contact: d.vierkant@utwente.nl
 * 
 * @license http://www.gnu.org/licenses/gpl.html GNU GPLv3
 */
?>
<?php
/**
 * Account
 * 
 * Edit a user's account details.
 */
class escape_repositoryui_action_Account extends escape_repositoryui_Action
{
	public function handleRequest()
	{
		/* @var $repository escape_repository_Repository */
		$repository =& $this->requestAttributes['repository'];
		/* @var $repositoryUi escape_repositoryui_RepositoryUi */
		$repositoryUi =& $this->requestAttributes['repositoryUi'];
				
		$user = $repositoryUi->getUser();
		if($user === null)
		{
			// user is not logged in, redirect to login page
			$repositoryUi->redirectToLoginForAction($this->requestAttributes['actionName']);
			return null;
		}
		
		
		$verb = null;
		if(isset($_REQUEST['verb']))
		{
			$verb = $_REQUEST['verb'];
		}
		
		$fullname = null;
		if(isset($_REQUEST['fullname']))
		{
			$fullname = $_REQUEST['fullname'];
		}
		else
		{
			$fullname = $user->getName();
		}
		$this->requestAttributes['fullname'] = $fullname;
		
		$email = null;
		if(isset($_REQUEST['email']))
		{
			$email = $_REQUEST['email'];
		}
		else
		{
			$email = $user->getMbox();
		}
		$this->requestAttributes['email'] = $email;

		$organization = null;
		if(isset($_REQUEST['organization']))
		{
			$organization = $_REQUEST['organization'];
		}
		else
		{
			$organization = $user->getOrganization();
		}
		$this->requestAttributes['organization'] = $organization;

		$dai = null;
		if(isset($_REQUEST['dai']))
		{
			$dai = $_REQUEST['dai'];
		}
		else
		{
			$dai = $user->getDai();
		}
		$this->requestAttributes['dai'] = $dai;
		
		$password = null;
		if(isset($_REQUEST['password']))
		{
			$password = $_REQUEST['password'];
		}
		$this->requestAttributes['password'] = $password;
		
		// get the error messages queue
		$errorMessages =& $this->requestAttributes['errorMessages'];
		if(!isset($errorMessages))
		{
			$errorMessages = array();
		}
		
		$doRedirect = false;
		
		if($verb === 'updateAccount')
		{
			if($fullname == '')
			{
				$errorMessages[] = 'Please provide your full name';
			}
			if($email == '')
			{
				$errorMessages[] = 'Please provide a email address';
			}
	
	
			if(count($errorMessages) === 0)
			{
				//TODO: keep in sync with AdminCreateUser.php, Signup.php, AdminEditUser.php and ResetPassword.php or move to shared function
				if(strlen($fullname) > 250)
				{
					$errorMessages[] = 'Full name is too long, please use at most 250 characters';
				}
				if(strlen($password) > 0)
				{
					if(strlen($password) > 32)
					{
						$errorMessages[] = 'Password is too long, please use at most 32 characters';
					}
					if(strlen($password) < 4)
					{
						$errorMessages[] = 'Password is too short, please use at least 4 characters';
					}
				}
				if(strlen($email) > 250)
				{
					$errorMessages[] = 'Email address is too long, please use at most 250 characters';
				}
	
				if(!preg_match('~^[^@]+@[^.]+\..+~', $email))
				{
					$errorMessages[] = 'Invalid email address';
				}
			}
			
			if(count($errorMessages) === 0)
			{
				if($user->getName() != $fullname)
				{
					$user->setName($fullname);
				}
				if($user->getMbox() != $email)
				{
					$user->setMbox($email);
				}
				if($user->getOrganization() != $organization)
				{
					$user->setOrganization($organization);
				}
				if($user->getDai() != $dai)
				{
					$user->setDai($dai);
				}
				if($password !== null && $password != '')
				{
					$user->setPassword($password);
				}
				
				$doRedirect = true;
			}
		}
		else if($verb === 'removeOpenId')
		{
			$openId = $_REQUEST['openId'];
			
			$passwordHash = $user->getPasswordHash();
			if($passwordHash === null && count($user->getOpenIds()) === 1)
			{
				$errorMessages[] = 'Please set a local ESCAPE account password before disconnecting this OpenID account.';
			}
			else
			{
				$user->removeOpenId($openId);
			}
		}
	
		$this->requestAttributes['errorMessages'] =& $errorMessages;
				
		if(!$doRedirect)
		{
			return 'AccountDetailsForm';
		}
		else
		{
			$returnUrl = $repository->config['server_url'] . $repositoryUi->getActionLinkById('me');
			if($repositoryUi->isGadgetMode())
			{
				$returnUrl .= '?gadget=1';
			}
			header("Location: " . $returnUrl);
			
			return null;
		}
	}
}